According to the New York Times on Sept. 2, the latest credit card breach of 2014 may be at Home Depot. The company is currently investigating whether credit and debit card data was stolen and put up for sale online.
The home improvement retailer issued a statement when contacted by Brian Krebs from Krebs on Security after he was informed by multiple banks of the possible breach.
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Paula Drake, Home Depot spokeswoman, said, reading from a prepared statement. “Protecting our customers’ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has a occurred, we will make sure customers are notified immediately. Right now, for security reasons, it would be inappropriate for us to speculate further – but we will provide further information as soon as possible.”
The banks which contacted Krebs all purchased cards from the same underground store. Two huge batches of stolen cards were released today.
According to Krebs, the perpetrators of this latest hack may be the same group of Russians and Ukrainians responsible for recent data breaches at Target, Sally Beauty and P.F. Chang’s, among other retailers and restaurants. The breach at Home Depot may, in fact, go back to May of this year. That would make it bigger than last year’s Target breach which began in November 2013 and was reported a month later.
At the moment, it’s not known how many Home Depot locations are affected, but the Home Depot credit card breach of 2014 may include all of them. Home Depot’s stock fell two percent, closing at $91.15 per share on the news.